CVE-2025-34082 CRITICAL

CVE-2025-34082: IGEL OS Secure Terminal and Secure Shadow Remote Code Execution

Vendor Igel Technology Gmbh

Product OS

Weakness CWE-78

Published July 3, 2025

Last update May 14, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.

Key dates

02Disclosure timeline

July 3, 2025 CVE published

May 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-34082

Related vulnerabilities

Identifiers

CVE CVE-2025-34082

CWE CWE-78

CVSS 9.3 / CRITICAL

Affected versions

Vendor Igel Technology Gmbh

Product OS

Affected ≥ 11 and < 11.04.270

Vendor Igel Technology Gmbh

Product OS

Affected ≥ 10 and < 10.06.220

CVE-2025-34082: IGEL OS Secure Terminal and Secure Shadow Remote Code Execution

01Description

02Disclosure timeline

03References

04Related CVE